package com.qf.shiro2203.contorller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("/order")
public class OrderController {
    //以注解的形式处理身份和权限   身份和权限没必要同时写
   // @RequiresRoles({"admin","normal"}) //这个写法说明这两个身份都要有，少一个就登录不了
    //@RequiresPermissions({"order:get"})  //处理权限
    @RequiresPermissions({"order:get:*"})  //需要当前用户拥有 以order:get开头的 权限
    @GetMapping("/save")
    public String save(){
        return "redirect:/order.html";
    }
//----------------------------------任选其一就行  推荐上面的-------------------------------
    @RequestMapping("/manage")
    public String manage(){
        //获取shiro当前用户对象
        Subject subject = SecurityUtils.getSubject();

        //检查有没有订单的查询权限  isPermitted
        if (subject.isPermitted("order:get")){
            System.out.println("ok");
        }else {
            System.out.println("no");
        }


        //检查当前用户是否有admin身份    hasRole
        if (subject.hasRole("admin")){
            return "redirect:/order.html";
        }else {
            return "redirect:/error.html";
        }
    }
}
